Episode 214: Securing Your Web Apps and Source Code with Feross Aboukhadijeh
46:04 Share

Recording date: 12/1/2022

John Papa @John_Papa)

Ward Bell @WardBell)

Dan Wahlin @DanWahlin)

Craig Shoemaker @craigshoemaker)

Feross Aboukhadijeh @Feross)

Brought to you by

- AG Grid)

)

- IdeaBlade)

Resources:

• Feross Aboukhadijeh’s website)
• Feross Aboukhadijeh’s GitHub)
• Log4j)
• The Federal Trade Commission’s (FTC) note on Log4j)
• Socket – Secure your JavaScript supply chain)
• What’s really going on in your node_modules folder?)
• Vulnerability scanning isn’t enough to protect your app)
• Auditing npm packages for security vulnerabilities)
• GitHub Dependabot)
• List of package security issues that Socket detects)
• List of npm packages that have been removed from npm for security reasons)
• Feross’s Web Security class at Stanford University)
• Darknet Diaries)
• DEFCON conference)
• Have I Been Pwned?)
• Troy Hunt)
• 1% of CMS-Powered Sites Expose Their Database Passwords)

Timejumps

• 00:44) World Cup welcome
• 02:08) Security in applications
• 03:20) Guest introduction
• 04:41) Why should you worry about your software supply chain?
• 07:41) Sponsor: Ag Grid
• 08:50) What's the attack vector like and what's the threat?
• 15:54) Depending on dependancies to find security issues
• 22:16) Sponsor: IdeaBlade
• 23:13) Make it easy to do the right thing
• 29:16) What was log4j?
• 33:45) How does Socket work?
• 34:36) Final thoughts

Podcast editing on this episode done by Chris Enns of Lemon Productions).